Sysinternals Freeware - Mark Russinovich & Bryce Cogswell

Our Publications

Copyright 2004 Mark Russinovich and Bryce Cogswell
Last Updated: July 2, 2004


On this page you'll find a bibliography of our publications. In addition, you'll find the upcoming schedule of topics that will be covered in Mark's Windows IT Pro Magazine (formerly Windows 2000 Magazine and Windows NT Magazine) column, Internals (formerly NT Internals), and a section on column errata. Where applicable, the article title will link to the on-line version of the text.

The Sysinternals Newsletter

Mark writes the Sysinternals e-mail newsletter, which comes out approximately every month and a half. The Sysinternals newsletter keeps you abreast of new tools, articles and source code at Sysinternals, plus it provides you unique information on Windows internals that you won't find anywhere else. If you subscribe you get immeditate access to all the back issues.

Sign up and see a list of back issues here.

Windows Internals, 4th Edition

Mark has coauthored Windows Internals, 4th Edition (MS Press) with Dave Solomon. This definitive work on the internals of Windows 2000, Windows XP and Windows Server 2003 covers a slew of topics not included in previous editions, including the boot process, services, registry internals, WMI, the storage subsystem, file systems, and more.

Visit the Winternals Internals page for updates and errata.

Power Tools Column

All Windows IT Pro Magazine articles over 4 issues old are on-line. Newer articles are available on-line to subscribers only (this is Windows IT Pro Magazine's policy, as they own the copyright on my columns).

October '05 AccessEnum
August '05 BgInfo
April '05 TCPView and TCPCons
February '05 PsShutdown
November '04 Autoruns
September '04 Pslist and Pskill
July '04 PsExec

Internals Column

All Windows IT Pro Magazine articles over 4 issues old are on-line. Newer articles are available on-line to subscribers only (this is Windows IT Pro Magazine's policy, as they own the copyright on my columns).

February '01Inside Crash Dump Analysis
Winter '00Inside Windows 2000 NTFS, Part 2
November '00Inside Windows 2000 NTFS, Part 1
July '00Inside Windows Services, Part 2
June '00Inside Windows Services, Part 1
April '00Inside Storage Management, Part 2
March '00Inside Storage Management, Part 1
February '00Inside Windows Management Interface
December '99Inside Win2K Scalability Enhancements, Part 2
November '99Inside Win2K Scalability Enhancements, Part 1
October '99Inside Win2K Reliability Enhancements, Part 3
September '99Inside Win2K Reliability Enhancements, Part 2
August '99Inside Win2K Reliability Enhancements, Part 1
July '99Inside EFS, Part 2
June '99Inside EFS, Part 1
May '99Registry Internals
March '99Inside NT Networking
February '99Inside NT Utilities
January '99Inside the Boot Process, Part 2
November '98Inside the Boot Process, Part 1
October '98Inside the Cache Manager
September '98Inside Memory Management, Part 2
August '98Inside Memory Management, Part 1
July '98Inside Microsoft Terminal Server (Hydra)
June '98Inside Security, Part 2
May '98Inside Security, Part 1
April '98Inside NT Architecture, Part 2
March '98Inside NT Architecture, Part 1
February '98Inside Microsoft Cluster Server (Wolfpack)
January '98Inside NTFS
December '97Inside the Blue Screen
November '97Inside Interrupt Handling
October '97Inside the Object Manager
September '97Inside On-Access Virus Scanners
August '97Inside the Scheduler, Part 2
July '97Inside the Scheduler, Part 1
May '97Inside Disk Defragmenting

Internals Column Errata

Inside the Windows NT Scheduler, Part 2

In the column I state that by default threads do not have ideal processors. However, all threads are assigned an ideal processor. The first thread of a process is assigned an ideal processor that is randomly chosen for it. Subsequent threads are assigned ideal processors by cycling through the processors in the system. The thread migrations exhibited due to soft-affinity are actually due to the scheduler trying to keep threads on their arbitrarily assigned ideal processors, rather than on the last CPU they ran on. Note that the Win32 API SetThreadIdealProcessor can be used to override the random selection.

The paragraph describing KiReadyThread says that it schedules a thread on a CPU if the thread has a priority equal to or higher than the thread currently executing on the CPU. The priority of the executing thread must actually be lower than the thread's in question.

Inside the Boot Process, Part 2

The Last Known Good control set is not committed until after all services have successfully initialized and a user successfully logs in. When a user logs in the Winlogon program calls out to the logon interface (GINA) to perform processing of the request, and Microsoft's default GINA, MSGINA, checks to see if all services have finished initializing - if so, it requests that the Service Control Manager mark the current control set as the 'last known good'. If the services have not finished initializing at the time a user logs in, the Service Control Manager notes that a user has logged in and updates the 'last known good' after the services are done initializing.


Windows IT Pro Magazine articles are available on-line only to subscribers.

Back to Top